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one embodiment of the present invention, the blinded unvalidated vote certificate is a 
f blinded hashed nonce. The voting center determines if the unblinded vote certificate is 
valid, step 203. If the unblinded vote certificate is valid, then a transaction response is 
performed, step 204.--/ 



Please amend the paragraph beginning at line 22 of page 15 to read as follows: 



In Message 1, a validated unblinded hashed none h(Ni) is sent with the nonce, 



Ni and the key Kcv are sent confidentially from the customer C (the voter) to the vendor 
(the voting center). Also sent is an authenticated request for a transaction of type S and 
an unvalidated blinded hashed (new) nonce, h(N(i+l)). The voting center performs the 
one-way hash function on nonce Ni and compares the result to the validated unblinded 
hashed nonce h(Ni)* If the two correspond, then the voting center determines that the 
validated unblinded hashed nonce is a valid vote certificate, sends an approval message in 
Message 2, and engages in the transaction of Message 3. Finally, the voting center 
validates the blinded hashed nonce of Message 1 and sends it to the voter, hi one 
embodiment, the voter then sends an authenticated acknowledgment message upon 
receiving the validated blinded hashed nonce from the voting center: 
Message5: C->V: [AckJKcv.--^ 



Please amend the paragraph beginning at line 12 of page 16 to read as follows: 



^ --In one embodiment of the present invention, a transaction response includes 



validating the blinded unvalidated vote certificate to obtain a validated blinded vote 
certificate, and sending the validated blinded vote certificate atomically bound to the 
transaction request message to a transaction response recipient.— ^ 



Please delete the paragraph beginning at line 3 of page 17. 

Please amend the paragraph beginning at line 12 of page 17 to read as follows: 



-In one embodiment of the present invention, audit data is included to help 



protect against fraud. The transaction request message atomically binds an unblinded 
vote certificate, a blinded unvalidated vote certificate to be validated, and blinded audit 
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data. Not every message is audited, so the blinding of the audit data protects the privacy 



of the voter when no audit is performed. 



Please amend the paragraph beginning at Hue 19 of page 17 to read as follows: 
j^ --Audits are typically performed randomly in accordance with the present 



invention. However, audits can also be triggered, for example, by unusual service 



activity that may i ndicate that a voter is sharing its vote certificates with others.-j^ " 
Please amend the paragraph beginning at line 28 of page 17 to read as follows: 



jA-An embodiment of the audit method in accordance with the present invention is 
shown in FIG. 3. During registration, the voter provides an audit secret to the voting 
center. During the redemption process, every transaction request message from the voter 
includes a blinded version of the audit secret. Thus, the voting center receives a 
transaction request message with a blinded audit secret, step 302. Rather than sending an 
audit response message to the voter, the voting center sends an audit request message 
atomically bound to the transaction request message, step 303. The voting center 
receives an audit response message from the customer that includes audit response data, 
step 304. In one embodiment, the audit response data includes an audit secret and the 
audit blinding factor. As with the blinded vote certificate, the audit blinding factor is 
combined with the audit secret in transaction requests to hide the audit secrete from the 
voting center until an audit is initiated by the voting center. The voting center determines 
if the transaction request message of step 302 is legitimate using the audit response data, 
step 305. In one embodiment, the transaction request message is legitimate if the audit 
secret combined with the blinding factor provided in the audit response message 
corresponds to the blinded audit secret received in the transaction request message of step 
302. If the transaction message of step 302 is determined to be legitimate, step 306, then 
the voting center validates the blinded unvalidated vote certificate received from the voter 
in the transaction request message of step 302, step 307. The voting center then sends the 
validated blinded vote certificate to the voter, step 308. If the transaction request 
message of step 302 is determined not to be legitimate, step 306, then in one 
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embodiment, the voter's transaction is terminated, step 309. That is, no certificate is 




Please amend the para graph beginning at line 3 of page 20 to read as follows: 

/ -Message 1 is a transaction request with audit features. In message 2, the voting 
center V initiates an audit by sending an authenticated audit initiation message. The 
voter sends an audit response message to the voting center. The audit response message 
in this embodiment includes audit data comprising the voter identifier, C, the nonce Ni, 
an audit secret Audit_Secret, and Salt. The voting center in this embodiment is also the 
registrar, and so has the AuditJSecret received from voter C during the registration 
process. First, the voting center compares the audit secret received in Message 3 with the 
audit secret received from the voter in the voter's registration message. These must 
correspond in order for the voting center to determine that Message 1 is legitimate. The 
voting center also hashes the audit secret, nonce and salt received in Message 3 and 
compares it to the hashed combination of the audit secret, nonce and Salt received in 
Message 1 . These must also correspond so that the voting center knows that the audit 
secret provided by the voter in Message 3 is the same as the audit secret embedded in 
Message 1. If both of these correspondences are established, then the transaction 
response message (Message 1) is determined to be legitimate, and a validated blinded 
hash is sent to the voter in Message 4. In one embodiment of the present invention, an 
authenticated acknowledgment message is sent from the voter to the voting center when 
the voter receives Message 4: 

Messages: C->V: [Ack]Kcv 

The purposes of the Salt in the above message is to protect the anonymity of the voter 
and the unlinkability of the voter's transactions based upon audit information. Without 
Salt, a voting center could associate a transaction request message with a voter's identity 
using h(Ni,Audit_Secret) received in the transaction request message. Recall that when 
the voting center is the registrar, the voting center has a record of audit secrets received 
during the registration process from the voter, with each audit secret associated with a 



Received from < 610 346 8189 > at 2/20/03 10:55:32 AM [Eastern Standard Time] 



Feb 20 03 11:00a 



uuenda ui koba esq 



B10-346-8189 



p. 9 



Goldschlag 112305CON 

voter identifier. A voting center could hash the nonce Ni received in a transaction request 
message with the audit secrets it knows from registration until a match is found with the 
audit data received in the transaction request message. In order to prevent such an 
exhaustive search from revealing a voter identity, nonce Salt is hashed with the audit 
secret and nonce Ni in each transaction response message. Because Salt is a nonce, it 
changes from message to message, rendering the audit data in a transaction request 
message untraceable by the voting center.-^ 1 



Please amend the paragraph begin ning at line 22 of page 21 to read as follows: 

) -The audit features of the present invention advantageously deter trie illicit 
sharing of voting certificates. An improper party is not likely to have the audit secret, 
which in one embodiment is a credit card number, or other valuable data for which the 
registered voter has a strong incentive to keep confidential. This provides a disincentive 
for sharing the data that is needed to pass an audit. Illicitly sharing a subscription also 
incurs a risk of subscription termination, and is thereby further deterred by the present 
invention.-^^ — ■ — — — 



Please amend the paragraph beginning at line 3 of page 22 to read as follows: 
J-Vnz present invention terminates a series of transactions simply by not 



validating and returning an unvalidated blinded vote certificate as part of the last 
Jransaction--^ - ™ — «■——-———■— 



Please amend the paragraph beginning at line 16 of page 22 to read as follows: 



/ -In one embodiment, broken protocols are considered to be automatically 
acknowledged after some predetermined period of time, after which the voter cannot 
recover from the break, and replay is not allowed. If a connection breaks after the receipt 
of a new validated blinded vote certificate has been acknowledged by the voter in the 
redemption protocol, then the voter can simply use the ne w vote certificate in the next 
transaction request^^ 
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Please amend the paragrap h beginning at line 24 of page 22 to read as fo llows: 

A -If the connection breaks befoie the voter has received the new validated blinded 
vote certificate in the redemption protocol, then the protocol is replayed. An embodiment 
of the trusted recovery protocol is shown in FIG. 4. The voting center stores the 
messages of each protocol run (one instance of Messages 1 through 4 of the redemption 
protocol above), step 401, until the voting center receives an acknowledgment message 
from the voter indicating that the voter has received the new vote certificate (Message 5 
in the redemption protocol), or until the predetermined automatic acknowledgment time 
has elapsed, step 402. When the voter realizes the connection has been broken, step 403, 
the voter replays the protocol run starting from the transaction request message (Message 
1 of the redemption protocol), step 404. The voting center identifies the presented vote 
certificate as already spent, and consults its recovery database (in which the protocol runs 
are stored), step 405. If the recovery database indicates that no acknowledgment from the 
voter has been received, step 406, then the voting center returns the stored response, step 
407. As mentioned above, the transaction is skipped, but the voter receives a new 
validated blinded vote certificate to use in the next protocol run to engage in the 
transaction. Note that the voter does not identify itself during recovery in accordance 
with the present invention, advantageously protecting the voter's anonymity.--^ 



Please delete the paragraph beginning at line 21 of page 23* 

Please delete the paragraph beginning at line 29 of page 23. 

Please delete the paragraph beginning at line 10 of page 24, 

Please amend the paragraph beginni ng at line 19 of page 24 to read as follows: 

j/ .-In accordance with the preferred embodiment of the present invention, a voter 
registers and receives a validated, blinded certificate to cast in a vote. The registration 
process ensures, for example, that each voter is entitled to cast only one vote. In one 
embodiment, a different electronic destination is provided for each option for which the 
vote may be cast. The voter unblinds the validated, blinded voting certificate and sends it 
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to the destination corresponding to the option for which the voter chooses to vote. In 
another embodiment, the voter indicates its choice in a certificate, blinds it, sends it to be 
certified, receives it back, unblinds it, and sends it to an electronic destination. For 
example, in an election with two choices, an even random number (nonce) corresponds to 
the first choice, and an odd random number (nonce) corresponds to the second choice. 
The voter picks an odd or even nonce in accordance with the voter* s choice, and votes in 
accordance with the present invention. This advantageously avoids having to designate 
different destinations for different votes.--^ 



Please amend the paragraph beginning at line 10 of page 25 to read as follows: 



jF»An embodiment of an apparatus in accordance with the present invention is 



shown in FIG. 5. A server 501 includes a processor 502 coupled to a memory 503 that 
stores voting transaction instructions 504 that are adapted to be executed on processor 
502. Server 501 further comprises a port 505 that is adapted to be coupled to a network 
506. Port 505 is coupled to processor 502 and memory 503. A client (e.g., a voter) 507 
is also coupled to the network S06.--^—*'" M " 



Please amend the paragraph beginning at line 7 of page 26 to read as follows: 



^-In one embodiment of the present invention, transaction instructions 504 are 



adapted to be executed by processor 502 to perform the steps of initializing a series of 
electronic transactions. For example, the instructions are adapted to be executed by 
processor 502 to receive an initialization request message that atomically binds 
authorization data and a blinded unvalidated vote certificate to be validated; determine if 
the authorization data is valid; if the authorization data is valid, then to validate the 
blinded unvalidated vote certificate to obtain a blinded validated vote certificate; and to 
send an initialization response message to a registrant that includes the blinded validated 
vote certificate atomically bound to the initialization request me ssage.-- 

Please amend the paragraph beginning at line 21 of page 26 to read as follows: 



/--In another embodiment of the present invention, transaction instructions 504 are 



adapted to be executed by processor 502 to perform an electronic transaction, e.g., to 
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receive a transaction request message that atomically binds an unblinded vote certificate 
and a blinded unvalidated vote certificated to be validated; determine if the unblinded 
vote certificate is valid; and if the unblinded vote certificate is valid, then to perform a 
transaction response that validates the blinded unvalidated vote certificate to obtain a 
validated blinded vote certificate, and sends the validated blinded vote certificate 
atomically bound to the transaction request message to a transaction response recipient in 
a transaction response message.-^* 



Please amend the paragraph beginning at line 4 of page 27 to read as follows: 

/--In yet another embodiment, transaction instructions 504 are adapted to be 



executed by processor 502 to audit an electronic transaction, e.g., lo receive a transaction 
request message that atomically binds an unblinded vote certificate and a blinded audit 
data; to send an audit request message atomically bound to the transaction request 
message to an audit recipient; to receive an audit response message atomically bound to 
the audit transaction message, where the audit response message includes audit response 
data; and to determine if the blinded audit data is valid using the audit response data.- ^ 



Please amend the paragraph beginning at line 21 of page 27 to read as follows: 



✓-The present invention advantageously provides for anonymous, unlinkable 



electronic voting that assures the voting center of a valid vote being cast while protecting 
the privacy of the voter.-^ 



Remarks 

Reconsideration of rejected claims 1-27 is respectfully requested. 

hi the Office action dated November 20, 2002 (application Paper No. 8), the 
Examiner rejected all pending claims under 35 USC 103(a) as being unpatentable over 
US Patent 5,495,532 (Killian). In the rejected of each claim, the Examiner cited Killian 
at col. 1, lines 27-64; col. 3, lines 3-15; col. 11, lines 15-30; col. 11, lines 3-13; and col. 
1 1 , lines 32-67 as showing "elements that suggest the elements and limitations of [the 
rejected claim]}. The Examiner then concluded, for each claim, that Killian lacked "an 
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